Our story

We have built a platform that gives software developers, DevOps engineers, and security pros total visibility across development and production.


There are two kingdoms

Developers create code. Site reliability engineers manage environments. Security pros manage risk. CI/CD is the magic box that shuttles code from development to production.

The result is that despite the promise of DevOps, there are two kingdoms. Developers have no visibility into production, SREs have no visibility into development, and security pros have no visibility into either.


Developers can't see into production

Developers are flying blind when they try to figure out where their code is running in production, and which version of it. To make matters worse, they know even less about other people's code and services that they depend on.


SREs can't see into development

SREs are isolated from the code being deployed. They know that a build has run, and that a deployment has happened, but they don't know about the code itself. They don't know where it came from, who to talk to about it, if it's the best version to be running, what issues are known, and what updates are in flight.


Security pros can't see across either

Security pros know when a vulnerability has been reported, but they don't know if it matters. They don't know what code is in production, and what they should focus everyone's attention on. They struggle to prioritize the barrage of alerts and issues from noisy security tools, and when an incident occurs, they scramble everyone to react, without the right information to make meaningful decisions. It's spray and pray and it doesn't work.


We solve the visibility gap between development and deployments

We collect, and can inject, metadata in source code, open source libraries, containers and binaries. With a simple configuration change in your CI/CD, we automatically track all code during development and after it has been deployed.

Using Crash Override, developers have visibility into the production environment, site reliability engineers have visibility into the development process, and security pros can manage the risk across it all.

Crash Override  

Founded in the summer of 2022 by John Viega (CEO) and Mark Curphey (CMO), we are now a growing team of computer scientists and software engineers across the US and Europe.

John and Mark have a long history in application security, from authoring the first-ever book on the topic (and a bookshelf of others since) to founding OWASP in 2002 and the Software Security Project in 2023. More recently they were founders of two successful application security companies, SourceClear and Capsule8.

The executive team now includes Brandon Edwards, former Chief Scientist at Capsule8, and Rich Smith, former CSO of Etsy and head of R&D at Duo Security.

The core engineering team has a long history of building Linux kernel tools, code analysis tools and large-scale web platforms.

So why the name Crash Override?

We live and breathe computer science, software development and computer security, and have done for decades. It is who we are and what we do. When we named the company, we wanted to convey our heritage and love for the industry, and so based our brand on the classic movie Hackers. We are literally a security company named after a film that celebrated the hacker manifesto and the inclusivity of outliers.

We are Crash Override.